What is an SSL certificate, and how do I get one?

It’s possible to use SSL security for your website on our servers. Doing so allows you to display secure, encrypted pages to your visitors.

You’ve probably seen SSL security in action when you purchased something online: your Web browser activates the “lock” icon and tells you that your connection is secure. Encrypted pages are used to submit credit card numbers, passwords, and other sensitive information.

To use SSL security on your website, you need what’s called an “SSL certificate”. The SSL certificate serves two purposes: it allows your visitors to encrypt the information they send to your website, and it proves your identity to visitors.

Getting an SSL certificate

SSL certificates used to be expensive, but we now provide free certificates from an organization called Let’s Encrypt, which is sponsored by Google, Mozilla, the Electronic Frontier Foundation, and others.

Why doesn’t my browser say my site is secure after I get a certificate?

What browsers do Let’s Encrypt certificates work with?

The free Let’s Encrypt certificate, installed on a free shared IP address, should work for visitors using any popular desktop browser and operating system released in 2007 and later, or any mobile browser and operating system released in 2010 and later. This covers almost everyone.

The certificate can also work with older browsers, notably Internet Explorer 6 and other browsers running on Windows XP, if you do two extra things:

Enable SSLv3, which is not usually recommended because it reduces security. (Most credit card companies won’t allow this, and therefore won’t allow you to accept credit card numbers from people using Windows XP at all.)

Limitations of free Let’s Encrypt certificates

In a small number of cases, a free Let’s Encrypt certificate may not be appropriate. We also offer paid AlphaSSL certificates that are a little more flexible. In particular, AlphaSSL certificates:

Can be installed for your site even if the hostname doesn’t yet point at our servers;

Can be made to work for “wildcard” subdomains, where you don’t need to specify the list of possible hostnames in advance; and

Can work with some unusual SSL client software, including direct connections from Java applets.

Other than these differences, AlphaSSL certificates work identically to Let’s Encrypt certificates.

AlphaSSL certificates cost $2.00 per month for a basic certificate and $5.00 per month for a wildcard certificate. If you want to order one of these, please contact us instead of using the “My Account” Let’s Encrypt certificate order form.

A reminder about credit card number security

When you use an SSL certificate to collect credit card numbers, remember that it only protects the visitor’s card number as it passes between his or her Web browser and your site. It does not help you securely store credit card numbers in a file or a database on the Web server, nor does it send the card numbers to you securely afterwards. Be sure your e-commerce system handles that end of the transaction in a secure manner (usually by using encryption to safely forward the data to another server at your credit card company).

Can I get an Extended Validation (EV) SSL certificate?

However, if you buy an EV certificate from another SSL company, we can usually install it on our servers for your site, as described below.

Can I use third-party SSL certificates on my site?

If another company has provided you with an SSL certificate that you want to use instead of a Let’s Encrypt certificate, we can usually install it for you at no extra charge. You’ll need to provide us with:

the private key file;

the certificate file; and

any “intermediate certificate” files.

In addition, the key file must not require a password to be entered when the web server is started.

Does Tiger Technologies offer SSL certificates for use on other servers?

No. We only provide SSL certificates for website hostnames that are directly hosted on our Web servers. We don’t sell or provide certificates for use with other servers.

If you need a certificate for other servers, you can probably get them yourself from the Let’s Encrypt service, completely unrelated to us.